Utilities: Add "pledge" utility for launching a sandboxed command

This new command allows you to run any command with an initial set of pledge promises. Note that dynamically linked executables won't be able to bootstrap without at least "stdio rpath prot_exec". Inspired by http://justine.lol/pledge/ :^)
2025-05-14 09:24:57 +00:00 · 2022-07-14 21:49:26 +02:00 · 2022-07-14 21:49:26 +02:00 · ed9b2a85ed
commit ed9b2a85ed
parent 976562b817
2 changed files with 25 additions and 0 deletions
--- a/Userland/Utilities/CMakeLists.txt
+++ b/Userland/Utilities/CMakeLists.txt
@ -175,6 +175,7 @@ target_link_libraries(pathchk LibMain)
 target_link_libraries(pgrep LibRegex LibMain)
 target_link_libraries(pidof LibMain)
 target_link_libraries(ping LibMain)
+target_link_libraries(pledge LibMain)
 target_link_libraries(pls LibCrypt LibMain)
 target_link_libraries(pmap LibMain)
 target_link_libraries(pmemdump LibMain)
--- a/Userland/Utilities/pledge.cpp
+++ b/Userland/Utilities/pledge.cpp
@ -0,0 +1,24 @@
+/*
+ * Copyright (c) 2022, Andreas Kling <kling@serenityos.org>
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ */
+
+#include <LibCore/ArgsParser.h>
+#include <LibCore/System.h>
+#include <LibMain/Main.h>
+
+ErrorOr<int> serenity_main(Main::Arguments arguments)
+{
+    StringView promises;
+    Vector<StringView> command;
+
+    Core::ArgsParser args_parser;
+    args_parser.add_option(promises, "Space-separated list of pledge promises", "promises", 'p', "promises");
+    args_parser.add_positional_argument(command, "Command to execute", "command");
+    args_parser.parse(arguments);
+
+    TRY(Core::System::pledge(StringView(), promises));
+    TRY(Core::System::exec(command[0], command.span(), Core::System::SearchInPath::Yes));
+    return 0;
+}